Active Defense Sentinal

Security checks across malware telemetry and agentic risk

Overview

This appears to be a defensive security skill, but it exposes sensitive host and browser-session details and can modify installed skills, so users should review it before installing.

Install only if you are comfortable with a defensive skill that can run local scanners, inspect host/browser health, and modify OpenClaw skill directories when its helper scripts are invoked. Avoid running host-guard or browser-health checks in shared transcripts unless you are prepared for process arguments, listener details, usernames, or debugger URLs to appear in logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises multiple executable helper scripts and a Python wrapper that can read/write files, invoke shell commands, and perform networked installs/scans, yet the skill metadata declares no permissions. This creates a capability-transparency gap: a caller or policy engine may treat the skill as lower risk than it actually is, increasing the chance of unintended execution of host-mutating or network-retrieving actions.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The host-guard command collects and prints detailed local telemetry including username, process listings with arguments, listening sockets, and disk state. In an agent skill context, this exceeds minimally necessary bounded triage and can expose sensitive operational data, secrets embedded in process arguments, or internal service topology to logs, upstream systems, or an attacker who can induce the command to run.

Missing User Warnings

Medium
Confidence
75% confidence
Finding
The network health check connects to the local browser debugging endpoint and then prints browser identity, target counts, and the WebSocket debugger URL. Even though the endpoint is local by default, exposing session metadata and debugger URLs without an explicit warning can leak sensitive browser/session details through logs or higher-level agent outputs, especially in shared or remotely monitored environments.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The host-guard routine gathers and emits sensitive host information without a prominent warning, including user identity, process command lines, listening sockets, and filesystem usage. In an agent-operated environment, this can unintentionally disclose secrets, internal network exposure, and host fingerprints to logs, model context, or external observers, making reconnaissance and lateral movement easier.

VirusTotal

67/67 vendors flagged this skill as clean.
